The Eternity group regularly directs clients to their dedicated Tor link, in which their various malware and their features are laid out in detail. The Telegram channel is dubbed “Eternity Channel.” Basic account details are shown below. The below screenshot of the Eternity Telegram channel illustrates the regular updates and enhancements the group makes to their products. They provide customized viruses and will create viruses with add-on features if the customer desires.The price of the malware ranges from $90-$470 USD.
They have different types of services:Įternity usually operates via Telegram and accepts payments through popular cryptocurrencies including BTC, ETH, XMR, USDT, LTC, DASH, ZEC and DOGE. Eternity advertises via a dedicated Telegram channel named and has an email address of org. These malware are distributed via the Tor proxy.
In this blog, ThreatLabz will explain various aspects of the LilithBot threat campaign.Įternity Project is a malware toolkit which is sold as a malware-as-a-service (MaaS). In this campaign, the malware uses fake certificates to bypass detections it acts as a stealer, miner, clipper, and botnet. In this campaign, the threat actor registers the user on its botnet and steals files and user information by uploading it to a command-and-control (C2) server using the Tor network. In July 2022, Zscaler’s ThreatLabz threat research team identified a multifunctional malware bot known as LilithBot, sold on a subscription basis by the Eternity group.
It steals all the information and uploads itself as a zip file to its Command and Control. LilithBot uses various types of fields such as license key, encoding key, and GUID which is encrypted via AES and decrypts itself at runtime. The malware registers itself on the system and decrypts itself step by step, dropping its configuration file. The group has been continuously enhancing the malware, adding improvements such as anti-debug and anti-VM checks. It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms. “LilithBot” is distributed by Eternity via a dedicated Telegram channel from which we can purchase it via Tor. One such cyber criminal group, dubbed “Eternity,” has been found selling the malware “LilithBot” Threat groups have been enhancing their capabilities and selling them as Malware-as-a-Service (MaaS) in exchange for a membership fee. In this blog, we’ll provide a deep analysis of the LilithBot campaign, including a look at several variants.
In addition to its primary botnet functionality, it also had built-in stealer, clipper, and miner capabilities. The LilithBot we discovered was being distributed through a dedicated Telegram group and a Tor link that provided one-stop-shopping for these various payloads.
0 kommentar(er)
